Service Networking roles and permissions

This page lists the IAM roles and permissions for Service Networking. To search through all roles and permissions, see the role and permission index .

Service Networking roles

Role

Permissions

Servicenetworking Admin ^Beta

( roles/ servicenetworking.admin )

Admin role for servicenetworking

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.*

servicenetworking. operations. cancel
servicenetworking. operations. delete
servicenetworking. operations. get
servicenetworking. operations. list
servicenetworking. services. addDnsRecordSet
servicenetworking. services. addDnsZone
servicenetworking. services. addPeering
servicenetworking. services. addSubnetwork
servicenetworking. services. createPeeredDnsDomain
servicenetworking. services. deleteConnection
servicenetworking. services. deletePeeredDnsDomain
servicenetworking. services. disableVpcServiceControls
servicenetworking. services. enableVpcServiceControls
servicenetworking.services.get
servicenetworking. services. getConsumerConfig
servicenetworking. services. getVpcServiceControls
servicenetworking. services. listPeeredDnsDomains
servicenetworking. services. removeDnsRecordSet
servicenetworking. services. removeDnsZone
servicenetworking. services. updateConsumerConfig
servicenetworking. services. updateDnsRecordSet
servicenetworking.services.use

Servicenetworking Editor ^Beta

( roles/ servicenetworking.editor )

Editor role for servicenetworking

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking.operations.*

servicenetworking. operations. cancel
servicenetworking. operations. delete
servicenetworking. operations. get
servicenetworking. operations. list

servicenetworking. services. addDnsRecordSet

servicenetworking. services. addDnsZone

servicenetworking. services. addSubnetwork

servicenetworking. services. createPeeredDnsDomain

servicenetworking. services. deleteConnection

servicenetworking. services. deletePeeredDnsDomain

servicenetworking. services. disableVpcServiceControls

servicenetworking. services. enableVpcServiceControls

servicenetworking.services.get

servicenetworking. services. getConsumerConfig

servicenetworking. services. getVpcServiceControls

servicenetworking. services. listPeeredDnsDomains

servicenetworking. services. removeDnsRecordSet

servicenetworking. services. removeDnsZone

servicenetworking. services. updateConsumerConfig

servicenetworking. services. updateDnsRecordSet

servicenetworking.services.use

Servicenetworking Viewer ^Beta

( roles/ servicenetworking.viewer )

Viewer role for servicenetworking

resourcemanager.projects.get

resourcemanager.projects.list

servicenetworking. operations. get

servicenetworking. operations. list

servicenetworking.services.get

servicenetworking. services. getConsumerConfig

servicenetworking. services. getVpcServiceControls

servicenetworking. services. listPeeredDnsDomains

servicenetworking.services.use

Service Networking Admin ^Beta

( roles/ servicenetworking.networksAdmin )

Full control of service networking with projects.

servicenetworking.*

servicenetworking. operations. cancel
servicenetworking. operations. delete
servicenetworking. operations. get
servicenetworking. operations. list
servicenetworking. services. addDnsRecordSet
servicenetworking. services. addDnsZone
servicenetworking. services. addPeering
servicenetworking. services. addSubnetwork
servicenetworking. services. createPeeredDnsDomain
servicenetworking. services. deleteConnection
servicenetworking. services. deletePeeredDnsDomain
servicenetworking. services. disableVpcServiceControls
servicenetworking. services. enableVpcServiceControls
servicenetworking.services.get
servicenetworking. services. getConsumerConfig
servicenetworking. services. getVpcServiceControls
servicenetworking. services. listPeeredDnsDomains
servicenetworking. services. removeDnsRecordSet
servicenetworking. services. removeDnsZone
servicenetworking. services. updateConsumerConfig
servicenetworking. services. updateDnsRecordSet
servicenetworking.services.use

Service agent roles

Service agent roles should only be granted to service agents .

Role

Permissions

Service Networking Service Agent

( roles/ servicenetworking.serviceAgent )

Gives permission to manage network configuration, such as establishing network peering, necessary for service producers

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalOperations.get

compute.networks.addPeering

compute.networks.create

compute.networks.delete

compute.networks.get

compute.networks.list

compute. networks. listPeeringRoutes

compute.networks.removePeering

compute.networks.update

compute.networks.updatePeering

compute.networks.updatePolicy

compute.projects.get

compute.regionOperations.get

compute.routers.get

compute.routers.list

compute.routes.list

compute.subnetworks.create

compute.subnetworks.delete

compute.subnetworks.get

compute.subnetworks.list

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns. gkeClusters. bindDNSResponsePolicy
dns. gkeClusters. bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns. networks. bindDNSResponsePolicy
dns. networks. bindPrivateDNSPolicy
dns. networks. bindPrivateDNSZone
dns. networks. targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.create

dns.policies.delete

dns.policies.get

dns.policies.list

dns.policies.listEffectiveTags

dns.policies.listTagBindings

dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

networkconnectivity. internalRanges. list

resourcemanager.projects.get

resourcemanager.projects.list

Service Networking permissions

Permission

Included in roles

`servicenetworking. operations. cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. operations. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. operations. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )

`servicenetworking. operations. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Reviewer ( roles/ iam.securityReviewer )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. addDnsRecordSet`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. addDnsZone`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. addPeering`

Owner ( roles/ owner )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )

`servicenetworking. services. addSubnetwork`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. createPeeredDnsDomain`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )

`servicenetworking. services. deleteConnection`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )

`servicenetworking. services. deletePeeredDnsDomain`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )

`servicenetworking. services. disableVpcServiceControls`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )

`servicenetworking. services. enableVpcServiceControls`

Owner ( roles/ owner )

Editor ( roles/ editor )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )

`servicenetworking.services.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Compute Network User ( roles/ compute.networkUser )

Compute Network Viewer ( roles/ compute.networkViewer )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud Deployment Manager Service Agent ( roles/ clouddeploymentmanager.serviceAgent )
Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cloud Data Fusion API Service Agent ( roles/ datafusion.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )
Cluster Director Shared VPC Service Agent ( roles/ hypercomputecluster.sharedVpcServiceAgent )

`servicenetworking. services. getConsumerConfig`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. getVpcServiceControls`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )

`servicenetworking. services. listPeeredDnsDomains`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Compute Network Admin ( roles/ compute.networkAdmin )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Infrastructure Administrator ( roles/ iam.infrastructureAdmin )

Network Administrator ( roles/ iam.networkAdmin )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service agent roles

Cloud TPU V2 API Service Agent ( roles/ cloudtpu.serviceAgent )
Cloud Composer API Service Agent ( roles/ composer.serviceAgent )
Kubernetes Engine Service Agent ( roles/ container.serviceAgent )
Cloud Dataflow Service Agent ( roles/ dataflow.serviceAgent )
Cluster Director Service Agent ( roles/ hypercomputecluster.serviceAgent )

`servicenetworking. services. removeDnsRecordSet`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. removeDnsZone`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. updateConsumerConfig`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking. services. updateDnsRecordSet`

Owner ( roles/ owner )

Editor ( roles/ editor )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

`servicenetworking.services.use`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Servicenetworking Admin ( roles/ servicenetworking.admin )

Servicenetworking Editor ( roles/ servicenetworking.editor )

Servicenetworking Viewer ( roles/ servicenetworking.viewer )

Support User ( roles/ iam.supportUser )

Service Networking Admin ( roles/ servicenetworking.networksAdmin )

Service Networking roles and permissions Stay organized with collections Save and categorize content based on your preferences.